
116 matches found

NVD, added 2022/03/22 12:15 a.m.

CVE-2022-0386

A post-auth SQL injection vulnerability in the Mail Manager potentially allows an authenticated attacker to execute code in Sophos UTM before version 9.710...

CVSS 8.8, EPSS 0.01154
Exploits: 0, References: 1
OSV, added 2021/09/22 2:15 p.m.

CVE-2021-37925

Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability...

CVSS 9.8, AI score 5.8
Exploits: 0, References: 2
Prion, added 2021/09/22 2:15 p.m.

Command injection

Zoho ManageEngine ADManager Plus version 7110 and prior has a Post-Auth OS command injection vulnerability...

CVSS 7.5, AI score 9.7, EPSS 0.10484
Exploits: 0, References: 2, Affected software: 1
CVE, added 2021/09/22 1:23 p.m.

CVE-2021-37925

CVE-2021-37925 affects Zoho ManageEngine ADManager Plus, versions 7110 and earlier. The issue is a Post-Auth OS command injection vulnerability, with Red Hat, NVD, PRION, CVE lists and CNNVD entries corroborating the description. The CVSS calculations indicate a high-impact, critical exposure: CV...

CVSS 9.8, AI score 9.7, EPSS 0.10484
Exploits: 0, References: 2, Affected software: 1
OSV, added 2021/01/15 9:15 p.m.

CVE-2021-21249

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default when not using SafeConstructor allows the...

CVSS 8.8, AI score 7.8
Exploits: 0, References: 2
NVD, added 2021/01/15 9:15 p.m.

CVE-2021-21249

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default when not using SafeConstructor allows the...

CVSS 9.6, AI score 9.5, EPSS 0.02932
Exploits: 0, References: 2
Prion, added 2021/01/15 9:15 p.m.

Design/Logic Flaw

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener AbstractPostAjaxBehavior in all pages other than the login page. This listener decodes and deserializes the data query parameter. We can access this listener by...

CVSS 6.5, AI score 8.5, EPSS 0.01502
Exploits: 0, References: 1, Affected software: 1
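The pattern described in the entry above, a page-level listener that decodes a query parameter and hands the bytes to Java serialisation, shown as an added example that is neither OneDev's nor Wicket's code and is not taken from the advisory. The unsafe decoder will instantiate any serialisable class graph the caller sends, so every gadget chain on the classpath is reachable to an authenticated user; the hardened decoder installs a JEP 290 ObjectInputFilter that allowlists the one type the endpoint expects and rejects everything else. The class AjaxState, the method names decodeDataParamUnsafe/decodeDataParamFiltered and the URL-safe Base64 encoding of the parameter are assumptions made for this example; it needs Java 9 or later.

```java
// Added example, not OneDev code. Assumed names: AjaxState, decodeDataParam*,
// and that the "data" parameter carries URL-safe Base64 of a serialised object.
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InvalidClassException;
import java.io.ObjectInputFilter;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Base64;

public class DataParamDeserialization {

    /** The only type this endpoint legitimately expects in the "data" parameter. */
    public static final class AjaxState implements Serializable {
        private static final long serialVersionUID = 1L;
        public final String component;
        public AjaxState(String component) { this.component = component; }
    }

    /** Vulnerable: nothing restricts which classes the stream may instantiate. */
    static Object decodeDataParamUnsafe(String data) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getUrlDecoder().decode(data);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            return in.readObject();
        }
    }

    /** Hardened: allowlist the expected class (and String for its field), cap depth, reject all else. */
    static Object decodeDataParamFiltered(String data) throws IOException, ClassNotFoundException {
        byte[] raw = Base64.getUrlDecoder().decode(data);
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(raw))) {
            ObjectInputFilter filter = ObjectInputFilter.Config.createFilter(
                    AjaxState.class.getName() + ";java.lang.String;maxdepth=3;!*");
            in.setObjectInputFilter(filter);
            return in.readObject();
        }
    }

    /** Builds the constructed sample parameter: serialise, then URL-safe Base64 without padding. */
    static String encode(Serializable obj) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(obj);
        }
        return Base64.getUrlEncoder().withoutPadding().encodeToString(bos.toByteArray());
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: one legitimate state object and one object of a class
        // the endpoint never expects (java.util.Date stands in for attacker-chosen data).
        String legit = encode(new AjaxState("issue-list"));
        String other = encode(new java.util.Date());

        // Unsafe decoder: both documents are accepted, the second as whatever class was sent.
        System.out.println("unsafe, legit  : " + ((AjaxState) decodeDataParamUnsafe(legit)).component);
        System.out.println("unsafe, other  : " + decodeDataParamUnsafe(other).getClass().getName());

        // Filtered decoder: the expected type still works, anything else is refused
        // before its class is resolved or its readObject logic runs.
        System.out.println("filtered, legit: " + ((AjaxState) decodeDataParamFiltered(legit)).component);
        try {
            decodeDataParamFiltered(other);
            System.out.println("filtered, other: accepted (filter misconfigured)");
        } catch (InvalidClassException e) {
            System.out.println("filtered, other: rejected, " + e.getMessage());
        }
    }
}
```

The filter runs on each class descriptor before the class is loaded or any readObject hook executes, which is why it stops gadget chains that a post-hoc check on the returned object would not. An allowlist ending in `!*` is the shape to aim for; a denylist of known gadget classes is the form that keeps getting bypassed.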
Prion, added 2021/01/15 9:15 p.m.

Remote code execution

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default when not using SafeConstructor allows the...

CVSS 6.5, AI score 8.9, EPSS 0.02932
Exploits: 0, References: 2, Affected software: 1
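The SnakeYaml behaviour summarised in the CVE-2021-21249 entries above, shown as an added example that is not OneDev's code and is not taken from the advisory: SnakeYaml's default Constructor resolves a `!!fully.qualified.Name` tag to any class on the classpath and instantiates it with caller-supplied arguments, so whoever controls the YAML controls which classes get built, while SafeConstructor only knows the YAML core schema and rejects the same document. The document, the class named in it (java.net.URL, picked because instantiating it is harmless) and the class name YamlConstructorDemo are constructed for this example; it assumes SnakeYaml 1.x, the line OneDev used at the time (2.x refuses global class tags by default and SafeConstructor there takes a LoaderOptions argument).

```java
// Added example, not OneDev code. Assumes org.yaml:snakeyaml 1.x on the classpath.
import org.yaml.snakeyaml.Yaml;
import org.yaml.snakeyaml.constructor.SafeConstructor;
import org.yaml.snakeyaml.error.YAMLException;

public class YamlConstructorDemo {

    // Constructed input: a sequence node carrying an explicit class tag. With the
    // default Constructor the tag, not the application, decides what gets built;
    // java.net.URL is used here only because constructing one has no side effects.
    static final String DOC = "!!java.net.URL [\"http://example.invalid/\"]";

    /** Vulnerable pattern: new Yaml() uses Constructor, which honours arbitrary class tags. */
    static Object loadUnsafe(String yaml) {
        return new Yaml().load(yaml);
    }

    /** Hardened pattern: SafeConstructor constructs only map/seq/scalar core types. */
    static Object loadSafe(String yaml) {
        return new Yaml(new SafeConstructor()).load(yaml);
    }

    public static void main(String[] args) {
        // Default Constructor: the tag is resolved to a class, a constructor with a
        // matching parameter count is selected, and the object is created.
        Object built = loadUnsafe(DOC);
        System.out.println("default Constructor built: " + built.getClass().getName());

        // SafeConstructor: unknown global tags have no registered construct and are
        // refused with a ConstructorException (a YAMLException subclass).
        try {
            loadSafe(DOC);
            System.out.println("SafeConstructor accepted the document (not expected)");
        } catch (YAMLException e) {
            System.out.println("SafeConstructor rejected it: " + e.getMessage());
        }
    }
}
```

Wherever application code parses YAML that a user can upload or edit, the check is simple: grep for `new Yaml()` or `new Yaml(new Constructor(`; any such call on untrusted input is the pattern the advisory describes. If the application genuinely needs typed deserialisation, register only the expected types (for instance via a Constructor with an explicit TypeDescription and a TagInspector in 1.33+ / 2.x) rather than accepting whatever tag arrives.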
MongoDB, added 2020/11/30 12:00 a.m.

Post-auth queries on compound index may crash mongod

A user authorized to perform database queries may trigger denial of service by issuing specially crafted queries with compound indexes affecting QueryPlanner. This issue affects: MongoDB Inc. MongoDB Server v3.6 versions prior to 3.6.9, v4.0 versions prior to 4.0.3...

CVSS 6.5, AI score 5.2, EPSS 0.0128
Exploits: 0, References: 1, Affected software: 1
Prion, added 2020/09/02 2:15 p.m.

Cross site scripting

A post-authenticated stored XSS was found in MultiUx v.3.1.12.0 via the /multiux/SaveMailbox LastName field...

CVSS 3.5, AI score 5.2, EPSS 0.00638
Exploits: 0, References: 2, Affected software: 1
CVE, added 2020/03/16 7:56 p.m.

CVE-2019-19461

CVE-2019-19461 affects Team Password Manager versions 7.93.204 and earlier. The root cause is described as a cross-site scripting vulnerability resulting from insufficient validation of client-side data, enabling post-authentication stored XSS. An attacker can steal other users’ credential...

CVSS 5.4, AI score 5.3, EPSS 0.00541
Exploits: 0, References: 2, Affected software: 1
ATTACKERKB, added 2020/03/02 12:00 a.m.

Liferay CE 6.0.2 Java Deserialization

Liferay CE 6.0.2 remote code execution via unsafe deserialization. Recent assessments: theguly at March 02, 2020 5:11pm UTC reported: on 29th of January 2020 this github1 repo came up, with some newsfeed, speaking about a RCE via deserialization on Liferay 6.0.2. I’m aware that liferay is widely use...

CVSS 9.8, AI score 1.1, EPSS 0.45653
Exploits: 1, References: 2
GithubExploit, added 2020/01/15 9:02 p.m.

OSSEC-HIDS Security Audit Findings

Hi folks, I spent some free time recently auditing OSSEC. I w...

CVSS 10, AI score 7.2, EPSS 0.02685
Exploits: 7
Metasploit, added 2019/10/31 1:08 a.m.

Pulse Secure VPN Arbitrary Command Execution

This module exploits a post-auth command injection in the Pulse Secure VPN server to execute commands as root. The env1 command is used to bypass application whitelisting and run arbitrary commands. Please see related module auxiliary/gather/pulse_secure_file_disclosure for a pre-auth file read that...

CVSS 7.2, AI score 0.5, EPSS 0.98617
Exploits: 12
Prion, added 2019/10/09 8:15 p.m.

Command injection

MantisBT before 1.3.20 and 2.22.1 allows Post Authentication Command Injection, leading to Remote Code Execution...

CVSS 6.5, AI score 7.3, EPSS 0.29501
Exploits: 5, References: 8, Affected software: 1
Packet Storm, added 2019/09/06 12:00 a.m.

Pulse Secure 8.1R15.1 / 8.2 / 8.3 / 9.0 SSL VPN Remote Code Execution

#!/usr/bin/python Exploit Title: Pulse Secure Post-Auth Remote Code Execution Google Dork: inurl:/dana-na/ filetype:cgi Date: 09/05/2019 Exploit Author: Justin Wagner 0xDezzy, Alyssa Herrera @AlyssaHerrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before...

CVSS 6.5, AI score 7.4, EPSS 0.98617
Exploits: 12
0day.today, added 2019/09/06 12:00 a.m.

PulseSecure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Remote Code Execution Exploit

#!/usr/bin/python Exploit Title: Pulse Secure Post-Auth Remote Code Execution Google Dork: inurl:/dana-na/ filetype:cgi Exploit Author: Justin Wagner 0xDezzy, Alyssa Herrera @AlyssaHerrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0...

CVSS 8, AI score 8.1, EPSS 0.98617
Exploits: 12
GithubExploit, added 2019/09/04 1:06 p.m.

Exploit for OS Command Injection in Ivanti Connect_Secure

CVE-2019-11539 Original Discovery: Orange Tsai https://...

CVSS 8, AI score 7.6, EPSS 0.98617
Exploits: 12
Hacker One, added 2019/08/21 1:03 p.m.

U.S. Dept Of Defense: Arbitrary File Reading leads to RCE in the Pulse Secure SSL VPN on the https://███

Description Hello. Some time ago, researcher Orange Tsai from DEVCORE team had a talk on Defcon/BlackHat regarding Pulse Secure SSL VPN vulnerabilities fixed on 2019/4/25: CVE-2019-11510 - Pre-auth Arbitrary File Reading CVE-2019-11542 - Post-auth Stack Buffer Overflow CVE-2019-11539 - Post-auth...

CVSS 7.5, AI score 0.6, EPSS 0.99999
Exploits: 38
CNVD, added 2018/05/29 12:00 a.m.

pfSense Post-Auth Command Execution Vulnerability

pfSense is free and open source firewall and router software based on FreeBSD. A post-authentication command execution vulnerability exists in pfSense. An attacker can exploit this vulnerability to execute commands with the privileges of the root user...

AI score 7.9
Exploits: 0, References: 1